name: Docker Publish

# This workflow will build and publish all public Docker images to the configured registry.
# Set the input `dry_run` to `false` to skip pushing images to the registry.

on:
  schedule:
  # Weekly on Sunday at 04:45 UTC
  - cron: '45 4 * * 0'
  workflow_dispatch:
    inputs:
      dry_run:
        description: "Dry run (skip push step)"
        type: boolean
        required: true
        default: true
      registry:
        description: "Where to upload the images"
        required: true
        type: choice
        options:
          - ghcr.io
          - docker.io

jobs:
  build_meltano_image:
    runs-on: ubuntu-latest
    permissions:
      actions: read
      contents: read
      packages: write
      security-events: write
    env:
      DEFAULT_PYTHON: "3.9"  # will be used in 'latest' images

    strategy:
      fail-fast: false
      matrix:
        python-version: ["3.8", "3.9", "3.10", "3.11", "3.12"]

    steps:
    - name: Set the workflow inputs
      # This step makes it so that the same workflow inputs can be accessed
      # regardless of what event triggered it.
      env:
        DEFAULT_DRY_RUN: "true"
        DEFAULT_REGISTRY: "ghcr.io"
      run: |
        # Boolean values don't actually work so cast to 'true' and 'false'
        # https://github.com/actions/runner/issues/1483
        echo "dry_run=${{ format('{0}', github.event.inputs.dry_run) || env.DEFAULT_DRY_RUN }}" >> $GITHUB_ENV
        echo "registry=${{ github.event.inputs.registry || env.DEFAULT_REGISTRY }}" >> $GITHUB_ENV

    - uses: actions/checkout@v4.1.4

    - name: Get Meltano version
      id: get-meltano-version
      run: |
        pipx install poetry
        poetry version
        poetry version --short
        echo "release-version=$(poetry version --short)" >> $GITHUB_OUTPUT

    - name: Generate tags
      id: generate-tags
      run: >
        python scripts/generate_docker_tags.py
        --git-sha ${{ github.sha }}
        -v ${{ steps.get-meltano-version.outputs.release-version }}
        -p ${{ matrix.python-version }}
        -d ${{ env.DEFAULT_PYTHON }}
        -r ${{ env.registry }}
        > tags

    - name: Assemble image tags
      id: assemble-tags
      run: |
        echo "If this is not a dry run, the image will be published with the following tags:"
        cat tags

        echo 'IMAGE_TAGS<<EOF' >> $GITHUB_ENV
        echo "$(cat tags)" >> $GITHUB_ENV
        echo 'EOF' >> $GITHUB_ENV

    - name: Set registry username and password
      id: user-and-pass
      run: |
        if [[ "${{ env.registry }}" == "ghcr.io" ]]; then
          echo "username=${{ github.actor }}" >> $GITHUB_OUTPUT
          echo "password=${{ secrets.GITHUB_TOKEN }}" >> $GITHUB_OUTPUT
        fi
        if [[ "${{ env.registry }}" == "docker.io" ]]; then
          echo "username=meltano" >> $GITHUB_OUTPUT
          echo "password=${{ secrets.DOCKERHUB_TOKEN }}" >> $GITHUB_OUTPUT
        fi

    - name: Build, scan, then conditionally push the Docker image for a given Python version
      uses: ./.github/actions/docker-build-scan-push
      with:
        push: ${{ env.dry_run == 'false' }}
        token: ${{ secrets.GITHUB_TOKEN }}
        tags: ${{ env.IMAGE_TAGS }}
        registry: ${{ env.registry }}
        username: ${{ steps.user-and-pass.outputs.username }}
        password: ${{ steps.user-and-pass.outputs.password }}
        python-version: ${{ matrix.python-version }}
        meltano-version: ${{ steps.get-meltano-version.outputs.release-version }}
